  1. Core Server
  2. SERVER-10399

Unchecked string access in parseNs may yield garbage collection name for commands without collections

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 2.5.2
    • Affects Version/s: None
    • Component/s: None
    • None
    • ALL

      parseNs (and parseNsFullyQualified) expect that the cmdObj provided will have a leading String-valued field containing a collection name, so they use the unchecked valuestr() method on BSONElement to obtain that value:

      https://github.com/mongodb/mongo/blob/51af8d67570b33fa5d5b4d36b18215535d38dd85/src/mongo/db/commands.cpp#L67

      However, some commands (like a database drop) do not have a collection name.

      The auditing code in this file attempts to use these methods to format audit trail events for all commands. When it does so for commands that have no collection, the result is a collection name formed from whatever data is pointed to by the first element in the cmdObj, interpreted as a C string.
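
The failure mode described above, as an added example (not MongoDB's code): a simplified stand-in for a BSON element view whose unchecked accessor makes the same assumption as parseNs, next to a variant that checks the type first. `Elem`, `firstElem`, `parseNsUnchecked`, `parseNsChecked` and both command documents are hypothetical names and constructed inputs, and the documents are assumed to be well-formed BSON.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
constexpr std::uint8_t kString = 0x02;  // BSON type byte for a UTF-8 string

// Hypothetical, simplified view of one BSON element (not MongoDB's BSONElement).
struct Elem {
    const std::uint8_t* p;  // points at the element's type byte
    std::uint8_t type() const { return p[0]; }
    const char* name() const { return reinterpret_cast<const char*>(p + 1); }
    const std::uint8_t* value() const { return p + 1 + std::strlen(name()) + 1; }
    // Unchecked: skips a 4-byte length prefix and assumes string bytes follow.
    const char* valuestr() const { return reinterpret_cast<const char*>(value() + 4); }
};

// The first element starts after the document's int32 size prefix.
Elem firstElem(const Bytes& doc) { return Elem{doc.data() + 4}; }

// Pattern from the report: the first field's value is taken as a collection name.
std::string parseNsUnchecked(const std::string& db, const Bytes& cmd) {
    return db + "." + firstElem(cmd).valuestr();
}

// Checked variant: reports failure unless the first field really is a String.
bool parseNsChecked(const std::string& db, const Bytes& cmd, std::string* ns) {
    Elem e = firstElem(cmd);
    if (e.type() != kString) return false;  // command carries no collection name
    *ns = db + "." + e.valuestr();
    return true;
}

// Constructed sample: {count: "users"}
const Bytes kCountCmd = {0x16,0,0,0, 0x02,'c','o','u','n','t',0, 6,0,0,0,
                         'u','s','e','r','s',0, 0};
// Constructed sample: {dropDatabase: 1, w: 1}, both values int32 (type 0x10)
const Bytes kDropCmd = {0x1E,0,0,0, 0x10,'d','r','o','p','D','a','t','a','b','a','s','e',0,
                        1,0,0,0, 0x10,'w',0, 1,0,0,0, 0};

int main() {
    std::string ns;
    std::printf("unchecked count: %s\n", parseNsUnchecked("test", kCountCmd).c_str());
    std::printf("unchecked drop:  %s\n", parseNsUnchecked("test", kDropCmd).c_str());
    std::printf("checked drop ok: %d\n", parseNsChecked("test", kDropCmd, &ns));
    return 0;
}
```

For the constructed drop command, the unchecked path returns "test." followed by the type byte and name of the next element, which is the kind of garbage collection name an audit record would then carry.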

            Assignee:
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Reporter:
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Votes:
            0
            Watchers:
            2

              Created:
              Updated:
              Resolved: